Security Magazine logo
  • Sign In
  • Create Account
  • Sign Out
  • My Account
  • NEWS
  • MANAGEMENT
  • PHYSICAL
  • CYBER
  • BLOG
  • COLUMNS
  • EXCLUSIVES
  • SECTORS
  • EVENTS
  • MEDIA
  • MORE
  • EMAG
  • SIGN UP!
cart
facebook twitter linkedin youtube
  • NEWS
  • Security Newswire
  • Technologies & Solutions
  • MANAGEMENT
  • Leadership Management
  • Enterprise Services
  • Security Education & Training
  • Logical Security
  • Security & Business Resilience
  • Profiles in Excellence
  • PHYSICAL
  • Access Management
  • Fire & Life Safety
  • Identity Management
  • Physical Security
  • Video Surveillance
  • Case Studies (Physical)
  • CYBER
  • Cybersecurity News
  • More
  • COLUMNS
  • Cyber Tactics
  • Leadership & Management
  • Security Talk
  • Career Intelligence
  • Leader to Leader
  • Cybersecurity Education & Training
  • EXCLUSIVES
  • Annual Guarding Report
  • Most Influential People in Security
  • The Security Benchmark Report
  • Top Guard and Security Officer Companies
  • Top Cybersecurity Leaders
  • Women in Security
  • SECTORS
  • Arenas / Stadiums / Leagues / Entertainment
  • Banking/Finance/Insurance
  • Construction, Real Estate, Property Management
  • Education: K-12
  • Education: University
  • Government: Federal, State and Local
  • Hospitality & Casinos
  • Hospitals & Medical Centers
  • Infrastructure:Electric,Gas & Water
  • Ports: Sea, Land, & Air
  • Retail/Restaurants/Convenience
  • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
  • Industry Events
  • Webinars
  • Solutions by Sector
  • Security 500 Conference
  • MEDIA
  • Videos
  • Podcasts
  • Polls
  • Photo Galleries
  • Videos
  • Cybersecurity & Geopolitical Discussion
  • Ask Me Anything (AMA) Series
  • MORE
  • Call for Entries
  • Classifieds & Job Listings
  • Continuing Education
  • Newsletter
  • Sponsor Insights
  • Store
  • White Papers
  • EMAG
  • eMagazine
  • This Month's Content
  • Advertise
Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
CybersecurityManagementSecurity Enterprise ServicesSecurity Leadership and ManagementLogical SecuritySecurity & Business ResilienceSecurity Education & TrainingCybersecurity News

3 security lessons we haven’t learned from the Kaseya breach

By Dan Schiappa
lessons-ideas-freepik1170x658.jpg

Image by Freepik

July 1, 2022

Not everyone had the luxury of enjoying BBQ and backyard time last Fourth of July weekend. Kaseya, an IT management software provider, spent their holiday fighting a ransomware attack. You likely saw news of the attack in headlines over that holiday weekend, especially considering Kaseya is a technology provider to thousands of managed service providers. The ripple effect of the attack disrupted hundreds, if not thousands, of small businesses that leveraged the company for their technology services. As a result, many IT and security teams had to abandon their holiday festivities to address concerns that arose from the breach. 


The attack sparked a lengthy audit for many organizations of their security posture and caused the industry to re-examine supply chain security. Now, one year later, have companies adapted to a new threat environment? Or are there still lessons we haven’t yet learned from the Kaseya incident?


1. Practice better supply chain security hygiene

What we now know is Kaseya suffered an attack that leveraged an unknown zero-day vulnerability in its software code. Patches weren’t available to Kaseya’s clients to prevent a breach, meaning that some of the basic tenets of security hygiene — patch quickly and often — would not have benefitted the thousands of companies impacted by the attack. 


But the lesson companies should have learned from this type of incident is to ensure that their supply chain vendors also follow proper security hygiene. Technology evolves quickly, and threat actors are always looking for a weak entry point, and in many cases, that is through a vendor in the supply chain. For example, if a company uses a third-party product in their supply chain, it’s critical to ensure that the company follows industry-leading security practices in both their own secure development lifecycle and provides patches when they discover a vulnerability in the wild.  


Of course, this is easier said than done, but there are steps that companies can take to reduce the cyber risk associated with their supply chain. In the aftermath of the Kaseya attack, businesses should have taken a hard look at the number of suppliers and determined which vendors are absolutely essential and which are not. The more entry points into a business’s environment, the more at-risk that business is, and limiting the number of suppliers can reduce that risk. If businesses don’t want to cut their suppliers, they can ask them to follow better security practices. Scheduling regular security reviews with suppliers can help businesses stay on top of the latest security trends, and they can go one step further by hiring a cybersecurity firm to monitor their security ecosystem. 


Of course, this can’t all happen overnight, and basic security hygiene is still just a goal for many companies. Kaseya has found that just 38% of companies apply critical patches within 30 days of release. And only 30% can patch remote, off-network devices. 


Moving forward, companies need to patch earlier and often, and they need to get eyes on their security environment.


2. Contextualize with holistic risk management

Getting eyes on security environments means improving the company’s visibility of their entire risk ecosystem. Increased visibility allows companies to contextualize risk, which helps them prioritize which items to address first. There might be a security vulnerability in an Apache server that a company deploys, but having the context is key. If that server begins talking to other servers or connecting to other networks that it normally wouldn’t, that’s a clear sign that something is wrong. But if it’s unclear what other systems or applications that vulnerability might impact, it will be challenging to understand where other vulnerabilities might exist. This example is a security environment without requisite visibility and risk without context. 


Another lesson businesses haven’t learned from Kaseya is how important it is to have a holistic view of risk environments and a more sophisticated understanding of potential threats. The only way to do this is to leverage resources to monitor the entire security ecosystem.


For a homeowner, the broken front door is their vulnerability. Installing security cameras on the front porch is the homeowner’s way of getting eyes on that vulnerability and understanding the risk environment. Kaseya showed businesses that they can’t solely rely on point products to thoroughly protect you. The only way to rapidly respond and limit exposure in the event of similar attacks is to have eyes on vulnerabilities. This allows organizations to see activity unfolding and contextualize — and prioritize — risk at any given moment or entry point. 


3. Lean on humans for last-mile observation

The final lesson that should be taken from the Kaseya attack is a simple one: Involve more humans. For all that modern cybersecurity solutions can do, no one is more adept at connecting the dots during potential incidents than experienced people. 


A company can implement as many endpoint detection and response (EDR) or extended detection and response (XDR) solutions as they want. But without the right skills to administer, manage and understand the output of those products, security technology won’t be as helpful as organizations hope. 


Companies need people to tie together observations from different areas of a risk ecosystem. They need humans to contextualize where to put security resources and to deploy a cyberattack playbook. Human operators are the difference between a security solution that is 94% and a 98% solution. It’s like having a trained home-security professional always watching the front porch camera footage. 


Unfortunately, access to these skills remains a major impediment to implementing this third lesson. In 2020, 47% of companies felt that lacking qualified staff was the biggest operational, day-to-day headache when trying to protect cloud workloads. In 2022, 44% of companies still feel that way. This lack of qualified staff means the last mile of security intelligence is left entirely up to machines. More universities are offering security programs, and companies are prioritizing CISOs and similar offices to make up for the lack of manpower. 


The thread that ties these unlearned lessons together is that not every security vulnerability is created equally, and the response to vulnerabilities is unique to each organization. A security platform may say, “the threat risk to this business asset is medium,” but that asset may be mission critical. To avoid their own Kaseya security breach, organizations must improve their cybersecurity hygiene, better contextualize risk and finish the last mile with security operation oversight from humans.

KEYWORDS: cyber security data breach risk management supply chain third-party security

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Dan schiappa

Dan Schiappa is Arctic Wolf’s Chief Product Officer (CPO). In this role, Dan is responsible for driving innovation across product, engineering, alliances, and business development teams to help meet the demand for security operations. Previously, Dan was CPO with Sophos. He has served as senior vice president and general manager of the Identity and Data Protection Group at RSA, the Security Division of EMC, and held several GM positions at Microsoft Corporation. 

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Security Leadership and Management
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Security Leadership and Management
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    Logical Security
    By: Charles Denyer
Manage My Account
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

Middle East Escalation, Humanitarian Law and Disinformation – Episode 25

Middle East Escalation, Humanitarian Law and Disinformation – Episode 25

The Money Laundering Machine: Inside the global crime epidemic - Episode 24

The Money Laundering Machine: Inside the global crime epidemic - Episode 24

Security’s Top 5 – 2024 Year in Review

Security’s Top 5 – 2024 Year in Review

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Sureview screen
    Sponsored bySureView Systems

    The Evolution of Automation in the Command Center

  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

Popular Stories

Rendered computer with keyboard

16B Login Credentials Exposed in World’s Largest Data Breach

Verizon on phone screen

61M Records Listed for Sale Online, Allegedly Belong to Verizon

Security’s 2025 Women in Security

Security’s 2025 Women in Security

Red spiderweb

From Retail to Insurance, Scattered Spider Changes Targets

blurry multicolored text on black screen

PowerSchool Education Technology Company Announces Data Breach

2025 Security Benchmark banner

Events

July 17, 2025

Tech in the Jungle: Leveraging Surveillance, Access Control, and Technology in Unique Environments

What do zebras, school groups and high-tech surveillance have in common? They're all part of a day’s work for the security team at the Toledo Zoo.

August 7, 2025

Threats to the Energy Sector: Implications for Corporate and National Security

The energy sector has found itself in the crosshairs of virtually every bad actor on the global stage.

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Related Articles

  • SEC0820-Data-Feat-slide1_900px.jpg

    Lessons learned from the Equifax data breach

    See More
  • data-law-freepik1170x658.jpg

    Lessons learned in the five years since the Equifax data breach

    See More
  • SEC01110_Trends_Mccourt

    Top Lessons Learned from the Security 500 Conference

    See More

Related Products

See More Products
  • Risk-Analysis.gif

    Risk Analysis and the Security Survey, 4th Edition

  • 9780367030407.jpg

    National Security, Personal Privacy and the Law

See More Products

Events

View AllSubmit An Event
  • January 30, 2025

    Iconic and Secure: Security Lessons Learned at Georgetown University

    ON DEMAND: Georgetown University, a major international research university with nine schools, an affiliated hospital, and many highly-ranked academic programs, has a mature, layered security program.
View AllSubmit An Event
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing

Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!